Vulnerability Details CVE-2018-11260
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://www.securitytracker.com/id/1041432
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9fd239116d9cb19a18b3892b8a1f428636ca1453
- https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
- http://www.securitytracker.com/id/1041432
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9fd239116d9cb19a18b3892b8a1f428636ca1453
- https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin